The Exchange Team released the October update for Exchange Server 2016. You may notice the absence of Exchange 2013, which is now in extended support phase and thus won’t receive regular updates. This heads-up was also given together with the updates of June.

This update contain the following important changes and notes:

• Exchange 2016 CU11 – as well as Exchange 2013 CU21 – are supported with .NET Framework 4.7.2; at least .NET Framework 4.7.1 is required for both.
• Exchange 2016 CU13 (the June 2019 release, December will be skipped) will start requiring .NET Framework 4.7.2, similar to the release of Exchange 2019; Windows Server 2019 will contain .NET Framework 4.7.2.
• Exchange 2016 requires installation of VC++ 2012 runtime prior to installation. Additionally, when installing the Mailbox role, VC++ 2013 runtime needs to be installed as well.

Exchange 2016 CU11 fixes:

• 4076516 Email message body is garbled when the Russian version of Outlook is used in Exchange Server 2016
• 4095967 CultureNotFoundException when you select an LCID 4096 language in Exchange Server 2016
• 4456225 The image in a signature that’s created in Outlook on the web isn’t visible to external users in Exchange Server 2016
• 4456226 Require SSL setting of MAPI virtual directory is reset after you install a cumulative update of Exchange Server 2016
• 4456227 ActiveSync clients cannot connect or synchronizing is delayed in an Exchange Server environment
• 4456228 Add an option to control UseAscReqNoToken through app configuration for Exchange Server 2016
• 4456229 Irrelevant management role entries without parameters are displayed in Exchange Server 2016
• 4456230 Component/protocol level bypass option for InternetWebProxy to avoid unnecessary proxy traffic within internal networks
• 4456231 AdvancedDataGovernanceLogs is created on the D drive after deploying Exchange Server 2016
• 4456232 Outlook on the web enters an authentication loop when you use device registration in Exchange Server 2016
• 4456234 Email can’t be delivered when the subject has an unknown character set in Exchange Server 2016
• 4456240 “CrimsonProbe has been poisoned repeatedly” error when migrating mailboxes to Exchange Server 2016
• 4456243 Hashed lines shown in scheduling assistant when Exchange Server 2016 tries to retrieve free/busy information across untrusted forests
• 4456244 Public folder forwards the new item that you create in Exchange Server 2016
• 4456245 Event ID 4999 and NullReferenceException when the New-MailboxRestoreRequest and New-MailboxExportRequest cmdlets fail in Exchange Server 2016
• 4456247 StoreDriver.config validation fails then meeting reminder can’t be set to “None” in Exchange Server 2016
• 4456249 Message tracking logs can’t be fully indexed in Exchange Server 2016
• 4456250 Users can download and view attachments that exceed the maximum attachment size setting in mobile device mailbox policy in Exchange Server 2016
• 4456259 Exchange Server 2016 user can’t access a shared calendar from Exchange Server 2013
• 4456233 UAPStatisticsLog and RecordReview are created on the D drive after you deploy Exchange Server 2016
• 4459847 Can’t send S/MIME encrypted mail or update the S/MIME control from Outlook on the web in Exchange Server 2016

Notes:

• Exchange 2016 CU11 does not contain schema changes compared to their previous Cumulative Update. However, they may introduce RBAC changes in your environment. Use setup /PrepareAD to apply RBAC changes, before deploying or updating Exchange servers.
• When upgrading from an n-2 or earlier version of Exchange, or an early version of the .NET Framework, consult Upgrade Paths for CU’s & .NET.
• Don’t forget to put the Exchange server in maintenance mode prior to updating. Regardless, setup will put the server in server-wide offline mode post-analysis, before making actual changes.
• When using Exchange hybrid deployments or Exchange Online Archiving (EOA), you are required to stay at most one version behind (n-1).
• If you want to speed up the update process for systems without internet access, you can follow the procedure described here to disable publisher’s certificate revocation checking.
• Cumulative Updates can be installed directly; no need to install RTM prior to installing Cumulative Updates.
• Once installed, you can’t uninstall a Cumulative Update nor any of the installed Exchange server roles.
• The order in which you upgrade servers with Cumulative Updates is irrelevant.

Caution:

As for any update, I recommend to thoroughly test updates in a test environment prior to implementing them in production. When you lack such facilities, hold out a few days and monitor the comments on the original publication or forums for any issues.